被大名鼎鼎的Docker折腾了两天,各种不通,各种不解,很有意思,整个过程也纯属娱乐体验,不过还是摘出其中有点用的部分,分享出来。Docker是一开源项目,是可以将任何应用包装在”LXC容器”中运行的工具。而Linux Containers (LXC)是Linux内核容器功能的一个用户空间接口。通常被认为介于“加强版”的chroot和完全成熟的虚拟机之间的技术
。总体感觉Docker能够将各种应用包装起来,打包成Docker Image,方便部署和运维管理,是一典型的PaaS。
体验过程都是基于CentOS,包括docker中的各种容器的测试。
安装过程很简单,CentOS6.5下:
yum -y install docker-io service docker start chkconfig docker on
安装完毕,确认是否正常:
# docker info Containers: 0 Images: 12 Driver: devicemapper Pool Name: docker-253:1-1177694-pool Data file: /var/lib/docker/devicemapper/devicemapper/data Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata Data Space Used: 1708.9 Mb Data Space Total: 102400.0 Mb Metadata Space Used: 1.6 Mb Metadata Space Total: 2048.0 Mb
获取需要的镜像文件,需要说明的是国内用户经常无法pull下来镜像,建议修改宿主机的dns并且指定hosts,当然有vpn最好,原因你懂的。
# docker pull centos Pulling repository centos 539c0211cd76: Downloading [====> ] 7.926 MB/98.56 MB 4m24s # docker pull ubuntu Pulling repository ubuntu eb601b8965b8: Downloading [=========================================> ] 50.19 MB/60.28 MB 37s 9cc9ea5ea540: Download complete 9f676bd305a4: Downloading [============================================> ] 55.48 MB/62.78 MB 24s 9cd978db300e: Downloading [========================================> ] 54.95 MB/67.3 MB 42s 5ac751e8d623: Downloading [===========================================> ] 50.2 MB/58.08 MB 29s 511136ea3c5a: Download complete 7a4f87241845: Download complete 1c7f181e78b9: Download complete 6170bb7b0ad1: Download complete 321f7f4200f4: Download complete f323cf34fd77: Download complete
列出现有的本地镜像列表:
# docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE ubuntu 13.10 9f676bd305a4 5 weeks ago 182.1 MB ubuntu saucy 9f676bd305a4 5 weeks ago 182.1 MB ubuntu raring eb601b8965b8 5 weeks ago 170.2 MB ubuntu 13.04 eb601b8965b8 5 weeks ago 170.2 MB ubuntu 12.10 5ac751e8d623 5 weeks ago 161.4 MB ubuntu quantal 5ac751e8d623 5 weeks ago 161.4 MB ubuntu 10.04 9cc9ea5ea540 5 weeks ago 183 MB ubuntu lucid 9cc9ea5ea540 5 weeks ago 183 MB ubuntu 12.04 9cd978db300e 5 weeks ago 204.7 MB ubuntu latest 9cd978db300e 5 weeks ago 204.7 MB ubuntu precise 9cd978db300e 5 weeks ago 204.7 MB centos 6.4 539c0211cd76 11 months ago 300.6 MB centos latest 539c0211cd76 11 months ago 300.6 MB
为了在Docker中启动ssh和apache可谓是费劲了周折,下面是折腾之后可行的方案:
配置Dockerfile,这一思想非常重要,一直以为有了基础的镜像就可以ssh上去配置apache等应用,其实人家Docker不是这样玩滴。
# cat Dockerfile # sshd # # VERSION 0.0.1 FROM centos:6.4 MAINTAINER Fisher via “sudops.com” RUN yum install -y openssh openssh-server httpd RUN echo 'root:mypwd' |chpasswd RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key EXPOSE 22 EXPOSE 80 CMD /usr/sbin/sshd -D
根据Dockerfile创建新的镜像,注意这个是基于centos:6.4的原始镜像,其中ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key也比较重要,根据docker官网的例子是ubuntu下的sshd服务,跟centos并不一样,按理说/usr/sbin/sshd -D就会创建了主机的rsakey,但是后面通过ssh连的时候一直有“Read from socket failed: Connection reset by peer
”的报错,增加两个ssh-keygen就可以了。
#docker build -rm -t fisher/ssh:apache . Uploading context 2.56 kB Uploading context Step 0 : FROM centos:6.4 ---> 539c0211cd76 Step 1 : MAINTAINER Fisher "fisher@sudops.com" ---> Using cache ---> a1783d7c5dca Step 2 : RUN yum install -y openssh openssh-server httpd ---> Running in 5e7049f4b8d7 Loaded plugins: fastestmirror Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.15-29.el6.centos will be installed --> Processing Dependency: httpd-tools = 2.2.15-29.el6.centos for package: httpd-2.2.15-29.el6.centos.x86_64 --> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.2.15-29.el6.centos.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-29.el6.centos.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-29.el6.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-29.el6.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-29.el6.centos.x86_64 ---> Package openssh.x86_64 0:5.3p1-94.el6 will be installed --> Processing Dependency: libcrypto.so.10(libcrypto.so.10)(64bit) for package: openssh-5.3p1-94.el6.x86_64 --> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1)(64bit) for package: openssh-5.3p1-94.el6.x86_64 --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-5.3p1-94.el6.x86_64 ---> Package openssh-server.x86_64 0:5.3p1-94.el6 will be installed --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-5.3p1-94.el6.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package fipscheck-lib.x86_64 0:1.2.0-7.el6 will be installed --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.2.0-7.el6.x86_64 ---> Package httpd-tools.x86_64 0:2.2.15-29.el6.centos will be installed ---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed ---> Package openssl.x86_64 0:1.0.0-27.el6_4.2 will be updated ---> Package openssl.x86_64 0:1.0.1e-16.el6_5.4 will be an update --> Processing Dependency: make for package: openssl-1.0.1e-16.el6_5.4.x86_64 ---> Package redhat-logos.noarch 0:60.0.14-12.el6.centos will be installed ---> Package tcp_wrappers-libs.x86_64 0:7.6-57.el6 will be installed --> Running transaction check ---> Package fipscheck.x86_64 0:1.2.0-7.el6 will be installed ---> Package make.x86_64 1:3.81-20.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.2.15-29.el6.centos base 821 k openssh x86_64 5.3p1-94.el6 base 258 k openssh-server x86_64 5.3p1-94.el6 base 311 k Installing for dependencies: apr x86_64 1.3.9-5.el6_2 base 123 k apr-util x86_64 1.3.9-3.el6_0.1 base 87 k apr-util-ldap x86_64 1.3.9-3.el6_0.1 base 15 k fipscheck x86_64 1.2.0-7.el6 base 14 k fipscheck-lib x86_64 1.2.0-7.el6 base 8.3 k httpd-tools x86_64 2.2.15-29.el6.centos base 73 k mailcap noarch 2.1.31-2.el6 base 27 k make x86_64 1:3.81-20.el6 base 389 k redhat-logos noarch 60.0.14-12.el6.centos base 15 M tcp_wrappers-libs x86_64 7.6-57.el6 base 62 k Updating for dependencies: openssl x86_64 1.0.1e-16.el6_5.4 updates 1.5 M Transaction Summary ================================================================================ Install 13 Package(s) Upgrade 1 Package(s) Total download size: 18 M Downloading Packages: http://mirrors.tuna.tsinghua.edu.cn/centos/6.5/os/x86_64/Packages/mailcap-2.1.31-2.el6.noarch.rpm: [Errno 12] Timeout on http://mirrors.tuna.tsinghua.edu.cn/centos/6.5/os/x86_64/Packages/mailcap-2.1.31-2.el6.noarch.rpm: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. http://mirrors.skyshe.com/centos/6.5/os/x86_64/Packages/mailcap-2.1.31-2.el6.noarch.rpm: [Errno 12] Timeout on http://mirrors.skyshe.com/centos/6.5/os/x86_64/Packages/mailcap-2.1.31-2.el6.noarch.rpm: (28, 'Operation too slow. Less than 1 bytes/sec transfered the last 30 seconds') Trying other mirror. -------------------------------------------------------------------------------- Total 191 kB/s | 18 MB 01:37 rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Importing GPG key 0xC105B9DE: Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org> Package: centos-release-6-4.el6.centos.10.x86_64 (@febootstrap/$releasever) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installed: httpd.x86_64 0:2.2.15-29.el6.centos openssh.x86_64 0:5.3p1-94.el6 openssh-server.x86_64 0:5.3p1-94.el6 Dependency Installed: apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 fipscheck.x86_64 0:1.2.0-7.el6 fipscheck-lib.x86_64 0:1.2.0-7.el6 httpd-tools.x86_64 0:2.2.15-29.el6.centos mailcap.noarch 0:2.1.31-2.el6 make.x86_64 1:3.81-20.el6 redhat-logos.noarch 0:60.0.14-12.el6.centos tcp_wrappers-libs.x86_64 0:7.6-57.el6 Dependency Updated: openssl.x86_64 0:1.0.1e-16.el6_5.4 Complete! ---> ec69f685666f Step 3 : RUN echo 'root:123456' |chpasswd ---> Running in 1e8a21b44259 ---> 77a5f5aa5019 Step 4 : RUN useradd fisher ---> Running in c71caae54df7 ---> 931a3e559f4a Step 5 : RUN echo 'fisher:1234' |chpasswd ---> Running in 1905e7b517eb ---> dad68ccadc0c Step 6 : RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key ---> Running in 8df3a031d5cd Generating public/private rsa key pair. Your identification has been saved in /etc/ssh/ssh_host_rsa_key. Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub. The key fingerprint is: b5:43:1b:70:46:83:dd:e2:07:ea:16:bf:a3:d6:ff:0e root@5e7049f4b8d7 The key's randomart image is: +--[ RSA 2048]----+ | .+=. | | .++.. | | o+o | | oo.+. | | .So+. | | o .. | | . . .E | | . + . | | ... o.oo | +-----------------+ ---> def9fe67940d Step 7 : RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key ---> Running in 94a6a6f8aba9 Generating public/private dsa key pair. Your identification has been saved in /etc/ssh/ssh_host_dsa_key. Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub. The key fingerprint is: cf:77:63:67:7e:95:2d:f2:96:ff:eb:6d:21:36:eb:ef root@5e7049f4b8d7 The key's randomart image is: +--[ DSA 1024]----+ | | | | | | | | | S o| | o .+.oo| | o ooBo=| | . ++=+| | .o+EO| +-----------------+ ---> 7d256dc069aa Step 8 : EXPOSE 22 ---> Running in c6fc23b0af2e ---> 7a20251ec658 Step 9 : EXPOSE 80 ---> Running in 5ee0054465af ---> b79955b6680b Step 10 : CMD /usr/sbin/sshd -D ---> Running in eee189042220 ---> 092e8c55ac28 Successfully built 092e8c55ac28 Removing intermediate container 5e7049f4b8d7 Removing intermediate container c71caae54df7 Removing intermediate container 1905e7b517eb Removing intermediate container eee189042220 Removing intermediate container 1e8a21b44259 Removing intermediate container 8df3a031d5cd Removing intermediate container 94a6a6f8aba9 Removing intermediate container c6fc23b0af2e Removing intermediate container 5ee0054465af
现在的image情况
# docker images fisher/ssh apache 698b5f26ae7b 40 seconds ago 368.2 MB
# 配置端口映射和
docker run -d -p 22 -p 8000:80 fisher/ssh:apache 698b5f26ae7b664c7d813a2d98ce2d7f26c2a682154ddcad1409c895ac2d0fe2
# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 698b5f26ae7b fisher/ssh:apache /bin/sh -c /usr/sbin 16 seconds ago Up 14 seconds 0.0.0.0:49157->22/tcp, 0.0.0.0:8000->80/tcp trusting_wozniak #docker port 698b5f26ae7b 22 0.0.0.0:49157 # docker port 698b5f26ae7b 80 0.0.0.0:8000 # netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 961/sshd tcp 0 0 :::22 :::* LISTEN 961/sshd tcp 0 0 :::8000 :::* LISTEN 1076/docker tcp 0 0 :::49157 :::* LISTEN 1076/docker
ssh连接测试
# ssh root@127.0.0.1 -p 49157 root@@127.0.0.1's password: Last login: Thu Mar 13 06:40:33 2014 from 127.0.0.1 -bash-4.1# -bash-4.1# -bash-4.1# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1/sshd tcp 0 0 :::80 :::* LISTEN 79/httpd tcp 0 0 :::22 :::* LISTEN 1/sshd -bash-4.1# exit logout Connection to @127.0.0。1 closed.
总结:貌似在docker的体验过程中还是有点小问题,单独做apache镜像和单独做sshd的镜像都没问题,但是两个服务一起的话发现不是sshd无法访问就是80无法映射,我基本无语了,无数次的rm,rmi,rebuild,不禁问一句,docker你到底要闹哪样?
参考:
http://dockerbook.com/TheDockerBook_sample.pdf
http://docs.docker.io/en/latest/examples/running_ssh_service/
Pingback: 创建基于CentOS下sshd和httpd服务的Docker image | 运维·速度